CVE-2018-19601

CRITICAL

Rhymix CMS 1.9.8.1 - Server-Side Request Forgery via SVG Upload

Title source: llm
STIX 2.1

Description

Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/rhymix/rhymix/issues/1089

Scores

CVSS v3 9.1
EPSS 0.0144
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-918
Status published
Products (1)
rhymix/rhymix 1.9.8.1
Published Jan 03, 2019
Tracked Since Feb 18, 2026